Page 14 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY

Information Security and Privacy




Self Assessment

Fill in the blanks:

7. Current information infrastructures are a combination of traditional information systems and ....................... technology.
8. The function of the World Wide Web is offered and assured by the ....................... organizations.
9. All the systems and spheres are incompletely or completely dependent on the ..................... .
10. ....................... is used to format messages between web services.
11. The function of each ....................... offers the work of one, tens, hundreds or even thousands of websites.


1.5 Information System Security and Threats

Security information management is a type of software that automates the collection of event log data from security devices, such as firewalls, proxy servers, intrusion-detection systems and anti-virus software.

The short form of Security information management is SIM. The SIM translates the logged data into correlated and simplified formats. Many SIM architectures provide security reporting and analysis, and reporting for Sarbanes-Oxley, HIPAA, Basel II, FISMA and Visa CISP compliance audits.

A SIM automates collection and analysis of information from all the security components in a network. Rather than having to look at logs and alerts from the firewall, IDS, anti-virus, VPN, and other security systems, a security manager can obtain all of this information from a single SIM console. Some SIMs simply aggregate reports from these various components; others correlate the information to improve the quality of overall security information.

Security Information Management (SIM) products (also referred to as Security Information and Event Management or Security Event Management) automate the manual process of collecting security-specific event-log data from file systems, security appliances and other network devices. These products, which can be hardware, software, or a service, offer data-aggregation and network event-correlation features similar to those found in network management software. Information can be collected from firewalls, proxy servers, intrusion-detection systems, intrusion-prevention systems, routers and switches, and anti-spam, anti-virus and anti-spyware software. In addition to being able to access a number of sources for this information, SIM products try to distinguish themselves by how quickly they can collect the information without missing an event, how well they can correlate specific security events with user identities, and how rich their reporting capabilities are to help managers.


Example: Distinguish a legitimate security event from a false-positive alert.
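The following sketch is an added illustration, not part of the original text or of any SIM product. It normalizes log lines from three device types into one format, attaches a user identity, and marks an IDS alert as corroborated only when another device reports the same host within a time window; uncorroborated alerts are the candidates for false-positive review. The log formats, the USERS table and the five-minute window are assumptions constructed for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines, one format per device type (not from a real product).
RAW = [
    ("firewall",  "2024-05-01T10:00:05 DENY src=10.0.0.7 dst=203.0.113.9 dport=4444"),
    ("ids",       "2024-05-01T10:00:20|ALERT|10.0.0.7|outbound-beacon"),
    ("antivirus", "2024-05-01T10:01:10 host=10.0.0.7 action=quarantine"),
    ("ids",       "2024-05-01T10:30:00|ALERT|10.0.0.12|outbound-beacon"),
]
# Constructed identity source (for example, authentication records): IP -> user.
USERS = {"10.0.0.7": "alice", "10.0.0.12": "bob"}

PATTERNS = {
    "firewall":  re.compile(r"(?P<ts>\S+) (?P<what>DENY) src=(?P<ip>\S+)"),
    "ids":       re.compile(r"(?P<ts>[^|]+)\|ALERT\|(?P<ip>[^|]+)\|(?P<what>.+)"),
    "antivirus": re.compile(r"(?P<ts>\S+) host=(?P<ip>\S+) action=(?P<what>\S+)"),
}

def normalize(device, line):
    """Translate one device-specific line into a common event record."""
    m = PATTERNS[device].match(line)
    if m is None:
        return None  # the caller counts these so no event is lost silently
    return {"time": datetime.fromisoformat(m["ts"]), "device": device,
            "ip": m["ip"], "user": USERS.get(m["ip"], "unknown"), "what": m["what"]}

def correlate(raw, window=timedelta(minutes=5)):
    """Rate each IDS alert by which other devices saw the same host close in time."""
    events, dropped = [], 0
    for device, line in raw:
        ev = normalize(device, line)
        if ev is None:
            dropped += 1
        else:
            events.append(ev)
    findings = []
    for alert in (e for e in events if e["device"] == "ids"):
        support = {e["device"] for e in events
                   if e["device"] != "ids" and e["ip"] == alert["ip"]
                   and abs(e["time"] - alert["time"]) <= window}
        verdict = "corroborated" if support else "uncorroborated"
        findings.append((alert["user"], alert["ip"], verdict, sorted(support)))
    return findings, dropped

if __name__ == "__main__":
    for finding in correlate(RAW)[0]:
        print(finding)
```

The count of dropped lines is returned alongside the findings because a collector that silently discards lines it cannot parse is "missing an event" in the sense described above.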
The main objective of Security Information Management is to prevent interruptions to business activities and ensure the correct and secure operation of computer and network facilities. This can be achieved by:

1. Minimizing the risk of systems failures (through use of appropriate operational procedures and plans).
2. Safeguarding the integrity of the organization’s software and data.



          8                                 LOVELY PROFESSIONAL UNIVERSITY